The DataWorks Approval Center feature manages permissions on data and high-risk operations. You can use this feature to specify request scopes and customize request processing procedures to meet your enterprise's requirements in different compliance scenarios.
Feature overview
When developing and managing data in DataWorks, you can efficiently manage permissions on items such as table data and DataService Studio APIs. You can customize request processing procedures in the Approval Center based on your requirements. If you need to specify request processing policies for compute engine data, you can use a default request processing procedure provided by DataWorks Security Center.
When you submit a request for specific permissions after creating a custom request processing procedure, DataWorks checks whether the requested permissions match the custom request processing procedure. If they match, the request is processed based on that procedure.
DataWorks Approval Center currently supports the following features:
Configure a custom request processing policy: You can specify request scopes and configure custom request processing procedures to manage permissions on key data sources and high-risk operations. You can also configure notification methods such as text messages, emails, or DingTalk chatbots.
Process requests: Users who submit or process requests can approve or reject them in the Approval Center.
For more information about custom approval policy operations, see Request processing policies for compute engine data, Request processing policies for DataService Studio, and Request processing policies for extensions.
After you configure custom request processing policies, permissions on tables and DataService Studio are requested and processed as described in Requesting and processing procedure for permissions on table fields and Requesting and processing procedure for permissions on APIs, functions, and service orchestration in DataService Studio.
Requesting and processing procedure for permissions on table fields
The following figure shows the request processing procedure after a custom request processing policy is configured in the Approval Center and a user submits a request for permissions on table fields in the Security Center.
In Security Center, when a user submits a request for permissions on a specific field in a MaxCompute table, DataWorks determines the type of request processing procedure based on the field.
If the field on which the user requests permissions belongs to the data range specified in a custom request processing procedure, the request is processed based on the custom request processing procedure in the Approval Center.
If the field on which the user requests permissions is outside the data range specified in a custom request processing procedure, the request is processed based on the default request processing procedure in the Security Center.
If the request matches multiple custom request processing policies in the Approval Center, DataWorks selects one custom request processing policy based on the value of the Priority of Policy for Tables parameter.
When configuring a custom request processing policy, you can specify the data range to which the policy applies based on project scope and define approvers and notification methods. You can also specify the data range based on data classification, and configure the priority between these two methods according to your requirements. For more information, see Request processing policies for compute engine data.
Requesting and processing procedure for permissions on APIs, functions, and service orchestration in DataService Studio
After a custom request processing procedure is created for DataService Studio, the procedure is triggered if a specific operation is performed on an API, function, or service orchestration that is controlled by the procedure.
The following figure shows the request processing procedure after an applicant submits a request for required permissions in the Security Center.
When you perform a specific operation on an API, function, or service orchestration in DataService Studio, DataService Studio determines whether to use a custom request processing procedure based on whether you configured the custom procedure for the workspace in which the operation is performed.
If you configured the custom procedure for the workspace in which the operation is performed, the request is processed based on the custom request processing procedure in the Approval Center.
If you did not configure the custom procedure for the workspace in which the operation is performed, the user can perform operations on APIs, functions, or service orchestration in DataService Studio without requesting permissions.
When a custom request processing procedure applies, DataWorks routes the request according to the policy configured in the Approval Center.
When configuring a custom request processing policy, you can specify the data range to which the policy applies based on project scope and define approvers and notification methods. For more information, see Request processing policies for DataService Studio.
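The two routing decisions described above, for table fields and for DataService Studio operations, modelled as an added example (not DataWorks code or its API) that also lists what no custom procedure covers. The policy shape, the return labels, the sample inventory, and the reading of Priority of Policy for Tables as an ordered preference between the two scoping methods are assumptions.

```python
from dataclasses import dataclass

# Illustrative model only: class, function and label names are assumptions,
# not DataWorks objects or API calls.
@dataclass(frozen=True)
class TablePolicy:
    name: str
    method: str        # "project" or "classification" (how the data range is set)
    scope: frozenset   # project names or classification levels in the data range

def route_field_request(field, policies, priority):
    """Pick the procedure for a table-field permission request.

    priority is an ordered tuple of methods; it stands in for the
    "Priority of Policy for Tables" parameter (assumed semantics).
    """
    hits = [p for p in policies if field[p.method] in p.scope]
    if not hits:
        return "security-center-default"   # outside every custom data range
    return min(hits, key=lambda p: priority.index(p.method)).name

def route_dataservice_operation(workspace, governed_workspaces):
    """Custom procedure if one is configured for the workspace, else no request."""
    return "approval-center-custom" if workspace in governed_workspaces else "no-request-needed"

def coverage_gaps(fields, policies, priority, workspaces, governed_workspaces):
    """Report what falls outside every custom procedure, for review."""
    return {
        "default_fields": [f["name"] for f in fields
                           if route_field_request(f, policies, priority) == "security-center-default"],
        "ungoverned_workspaces": [w for w in workspaces
                                  if route_dataservice_operation(w, governed_workspaces) == "no-request-needed"],
    }

# Constructed sample inventory (not real projects, levels or workspaces).
POLICIES = [
    TablePolicy("finance-project", "project", frozenset({"finance_prod"})),
    TablePolicy("sensitive-level", "classification", frozenset({"L3", "L4"})),
]
FIELDS = [
    {"name": "finance_prod.orders.card_no", "project": "finance_prod", "classification": "L4"},
    {"name": "finance_prod.orders.order_id", "project": "finance_prod", "classification": "L1"},
    {"name": "mkt_dev.events.page", "project": "mkt_dev", "classification": "L1"},
]

if __name__ == "__main__":
    prio = ("classification", "project")
    for f in FIELDS:
        print(f["name"], "->", route_field_request(f, POLICIES, prio))
    print(coverage_gaps(FIELDS, POLICIES, prio, ["ws_prod", "ws_sandbox"], {"ws_prod"}))
```

The `ungoverned_workspaces` list is the one to review first, since operations there proceed without any request.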